The standard has its origins in the 2005 Australian standard AS8015. ISO/IEC 29382 was published in 2007, having been created to address the Corporate Governance of Information and Communication Technology. It was officially renamed and republished as ISO/IEC 38500 in 2008.

ISO/IEC 38500 defines the following six principles of IT Governance:

Establish responsibilities
Plan to best support the organisation
Acquire validly
Ensure performance when required
Ensure conformance with rules
Ensure respect for human factors

Implementing ISO 38500

The Calder-Moir IT Governance Framework offers structured guidance on how to approach this complex subject, and provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organisation. The IT Governance Toolkit also provides practical assistance and guidance for practitioners and board members who are tackling the subject.

The overarching scope of the IT governance framework is depicted in the diagram below:

We have developed the IT Governance Framework Toolkit as a documentation tool to help you implement the Calder-Moir framework cost-effectively and align your management systems to ISO/IEC 38500.

Sub-domains of IT Governance

Broadly speaking, the sub-domains of IT governance include: ITIL, COBIT, ISO 27002 and King III.

There are four widely recognised, vendor-neutral, third-party frameworks that are often described as 'IT governance frameworks'. None of them is completely adequate to that task on its own, but each has significant IT governance strengths.

ITIL, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000, against which independent certification can be achieved.

COBIT, or Control Objectives for Information and related Technology, now in version 5, was developed by America's IT Governance Institute. COBIT is increasingly accepted as good practice for control over information, IT and related risks. COBIT's Management Guidelines component contains a framework for the control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 37 identified COBIT processes. Governance of the Extended Enterprise, published by the IT Governance Institute, explores how some of the world's most successful enterprises have integrated information technology with business strategies, culture, and ethics to optimise information value, attain business objectives, and capitalise on technologies in highly competitive environments.

ISO 27002 is designed to support ISO 27001, the global best practice standard for information security management in organisations.

King III is a set of corporate governance principles which enhance the effectiveness of a company's performance. This framework was compiled by the King Committee in response to the emergence of the South African Companies Act 71 of 2008. King III is now law in South Africa, and represents a significant milestone in the evolution of corporate governance.

The four IT governance frameworks above are best-practice approaches to regulatory and corporate governance compliance. Many organisations have trouble implementing a framework which integrates all four of them. The IT Governance Institute (ITGI), the owner of COBIT, has, together with AXELOS, the owner of ITIL, put together the recently released Joint Framework, which is a good step in the right direction. The Joint Framework simplifies the planning process for implementing more than one of these four frameworks, and provides detailed mapping of the various clauses within each of them.